BitDam

Overview


BitDam cyber security blocks advanced content-borne attacks across all enterprise communication channels, empowering organisations to collaborate safely. Founded by elite intelligence professionals, BitDam proactively stops malware from running, pre-delivery, preventing hardware and logical exploits, ransomware, phishing, N-Day and Zero-Day attacks contained in any type of attachment or URL. BitDam ensures the highest attack detection rates and delivers the fastest protection from today's email-borne attacks, making enterprise communications safe to click.

For more information, see the BitDam documentation.

Use cases


Scan any supported file type in a short time. The BitDam scan file playbook enables you to scan a file and return the result as soon as the file scan completes. This provides a decisive verdict, stating whether the file is benign or malicious.

Configure BitDam on Demisto


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for BitDam.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • BitDam API URL
    • API Token
    • Trust any certificate
    • Use proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands


You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Upload a file: bitdam-upload-file
  2. Get the verdict for a file: bitdam-get-verdict

1. Upload a file


Uploads and submits a file sample to the BitDam service.

Supported types

  • doc, dot, docx, docm, dotx, dotm
  • pdf
  • rtf
  • xls, xlt, xlsx, xlsm, xltx, xltm, xlsb, xlam
  • csv
  • ppt, pptx, pptm, potx, potm, ppam, ppsx, ppsm, pps

Base Command

bitdam-upload-file

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entryId | File's entry ID from the War Room | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| BitDam.FileScan.SHA1 | string | SHA-1 |

Command Example

!bitdam-upload-file entryId=499@16

Context Example

{
  "BitDam": {
    "FileScan": {
      "SHA1": "68f009dc92a405d1015026e8e30e6d1598047124"
    }
  }
}

Human Readable Output

(screenshot of the War Room output, not reproduced here)

2. Get the verdict of a file


Returns the verdict of a scanned file.

Base Command

bitdam-get-verdict

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| idValue | The value of the file's unique identifier. Example: the file SHA-1. | Required |
| idType | Identifier type. Default is SHA-1. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| BitDam.Analysis.Status | string | Status of the analysis ("DONE" or "IN_PROGRESS") |
| BitDam.Analysis.Verdict | string | Final verdict of the analysis ("Clean", "Malicious", or empty if the analysis is not finished) |
| BitDam.Analysis.ID | string | Unique identifier |
| DBotScore.Indicator | string | The indicator |
| DBotScore.Score | number | The DBot score |
| DBotScore.Type | string | The indicator type |
| DBotScore.Vendor | string | The DBot score vendor |
| File.Malicious.Name | string | File name |
| File.Malicious.Vendor | string | For malicious files, the vendor that made the decision |
| File.Malicious.Description | string | For malicious files, the reason that the vendor made the decision |

Command Example

!bitdam-get-verdict idValue=68f009dc92a405d1015026e8e30e6d1598047124

Context Example

{
  "BitDam": {
    "Analysis": {
      "ID": "68f009dc92a405d1015026e8e30e6d1598047124",
      "Status": "DONE",
      "Verdict": "CLEAN"
    },
    "FileScan": {
      "SHA1": "68f009dc92a405d1015026e8e30e6d1598047124"
    }
  },
  "DBotScore": {
    "Indicator": "68f009dc92a405d1015026e8e30e6d1598047124",
    "Score": 1,
    "Type": "File",
    "Vendor": "BitDam"
  }
}

Human Readable Output

(screenshot of the War Room output, not reproduced here)
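The two commands above chain into one scan workflow: upload the entry, take the returned SHA-1, then poll bitdam-get-verdict until Status is DONE and read the verdict. The Python below is an added example, not code from the BitDam integration: `run_command` is a stand-in for Demisto's command executor, the supported-extension list is the one on this page, and the DBotScore mapping (1 clean, 3 malicious, 0 unknown) follows the standard Demisto convention.

```python
"""Upload-then-poll flow for the BitDam commands. `run_command` stands in for
Demisto's command executor; FakeBitDam and its responses are constructed."""
import time

# Extensions the upload command accepts, per the list on this page.
SUPPORTED_EXTENSIONS = {
    "doc", "dot", "docx", "docm", "dotx", "dotm", "pdf", "rtf",
    "xls", "xlt", "xlsx", "xlsm", "xltx", "xltm", "xlsb", "xlam", "csv",
    "ppt", "pptx", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "pps",
}

# Demisto DBotScore convention: 0 unknown, 1 good, 2 suspicious, 3 bad.
VERDICT_TO_SCORE = {"CLEAN": 1, "MALICIOUS": 3}


def is_supported(filename):
    """Return True if the file extension is one BitDam will scan."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in SUPPORTED_EXTENSIONS


def wait_for_verdict(run_command, entry_id, max_polls=10, delay_s=0.0):
    """Upload the War Room entry, then poll bitdam-get-verdict until DONE.
    Returns (sha1, verdict, dbot_score); an unfinished scan gives (sha1, None, 0)."""
    upload = run_command("bitdam-upload-file", {"entryId": entry_id})
    sha1 = upload["BitDam"]["FileScan"]["SHA1"]
    for _ in range(max_polls):
        result = run_command("bitdam-get-verdict", {"idValue": sha1})
        analysis = result["BitDam"]["Analysis"]
        if analysis["Status"] == "DONE":
            verdict = analysis["Verdict"].upper()
            return sha1, verdict, VERDICT_TO_SCORE.get(verdict, 0)
        time.sleep(delay_s)
    return sha1, None, 0


class FakeBitDam:
    """Constructed stand-in for the integration: IN_PROGRESS once, then DONE."""
    def __init__(self, verdict):
        self.verdict, self.polls = verdict, 0

    def __call__(self, command, args):
        sha1 = "68f009dc92a405d1015026e8e30e6d1598047124"  # SHA-1 from the page example
        if command == "bitdam-upload-file":
            return {"BitDam": {"FileScan": {"SHA1": sha1}}}
        self.polls += 1
        status = "IN_PROGRESS" if self.polls == 1 else "DONE"
        verdict = self.verdict if status == "DONE" else ""  # empty until finished, as documented
        return {"BitDam": {"Analysis": {"ID": args["idValue"], "Status": status, "Verdict": verdict}}}
```

Checking is_supported before the upload avoids submitting a type the service will not scan; bounding the poll count keeps a playbook from hanging on an analysis that never reaches DONE.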